I am having some difficulty understanding why the authorize section has that name. It does not authorize anything per se, and in fact that word does not appear in the phrase if you try to describe what it actually does (which seems to be: define the processing pipeline for a given request).


This is the way I kind of expected it to be:

"Authentication" answers the question: "are these credentials valid for this user?". If not, then we reject the user and do not go any further.

"Authorization" answers the question: "is this user allowed to access the resource at this time?", and it usually assumes a preauthenticated user. This stage implements time limits and all sorts of other arbitrary restrictions and can be independent of HOW the user was actually authenticated.

According to the above, only the last two items in that section actually belong there (daily and checkval). Lumping everything else together in that section makes the config file difficult to "parse" due to known concepts being given different meanings.

--
L.C. (Laurentiu C. Badea)

